
Add a bundled cacert.pem as a last resort option

pull/2745/head
Pádraic Brady 2014-03-02 14:06:47 +00:00
parent 306ba77e93
commit 470fb58273
4 changed files with 3819 additions and 11 deletions

3785
res/cacert.pem Normal file

File diff suppressed because it is too large Load Diff


@ -110,6 +110,9 @@ class Compiler
$this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/include_paths.php')); $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/include_paths.php'));
} }
$this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/ClassLoader.php')); $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/ClassLoader.php'));
$this->addFile($phar, new \SplFileInfo(__DIR__ . '/../../res/cacert.pem'), false);
$this->addComposerBin($phar); $this->addComposerBin($phar);
// Stubs // Stubs


@ -50,7 +50,7 @@ class ConfigValidator
// validate json schema // validate json schema
$laxValid = false; $laxValid = false;
try { try {
$json = new JsonFile($file, Factory::createRemoteFilesystem($this->io)); //TODO $json = new JsonFile($file, Factory::createRemoteFilesystem($this->io)); //TODO - can't configure here obviouslyS
$manifest = $json->read(); $manifest = $json->read();
$json->validateSchema(JsonFile::LAX_SCHEMA); $json->validateSchema(JsonFile::LAX_SCHEMA);
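Review bot: The reworded TODO on the `new JsonFile(...)` line does not say what cannot be configured, and it ends in a stray `S`. If the intent is that this RemoteFilesystem is built without the project's settings, so a user-supplied `cafile` would not apply to this fetch (inferred from the rest of the commit, not visible in this hunk), state that directly, for example `// TODO: no Config available here, so user TLS options (cafile) are not applied`. The enclosing method starts and ends outside the hunk.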


@ -486,15 +486,28 @@ class RemoteFilesystem
); );
/** /**
* Attempt to find a local cafile or throw an exception. * Attempt to find a local cafile or throw an exception if none pre-set
* The user may go download one if this occurs. * The user may go download one if this occurs.
*/ */
if (!isset($this->options['ssl']['cafile'])) {
$result = $this->getSystemCaRootBundlePath(); $result = $this->getSystemCaRootBundlePath();
if ($result) { if ($result) {
if (preg_match("|^phar://|", $result)) {
$tmp = rtrim(sys_get_temp_dir(), '\\/');
$target = $tmp . DIRECTORY_SEPARATOR . 'composer-cacert.pem';
$cacert = file_get_contents($result);
$write = file_put_contents($target, $cacert, LOCK_EX);
if (!$write) {
throw new TransportException('Unable to write bundled cacert.pem to: '.$target);
}
$options['ssl']['cafile'] = $target;
} else {
$options['ssl']['cafile'] = $result; $options['ssl']['cafile'] = $result;
}
} else { } else {
throw new TransportException('A valid cafile could not be located automatically.'); throw new TransportException('A valid cafile could not be located automatically.');
} }
}
/** /**
* Disable TLS compression to prevent CRIME attacks where supported. * Disable TLS compression to prevent CRIME attacks where supported.
@ -560,15 +573,22 @@ class RemoteFilesystem
'/opt/local/share/curl/curl-ca-bundle.crt', // OS X macports, curl-ca-bundle package '/opt/local/share/curl/curl-ca-bundle.crt', // OS X macports, curl-ca-bundle package
'/usr/local/share/curl/curl-ca-bundle.crt', // Default cURL CA bunde path (without --with-ca-bundle option) '/usr/local/share/curl/curl-ca-bundle.crt', // Default cURL CA bunde path (without --with-ca-bundle option)
'/usr/share/ssl/certs/ca-bundle.crt', // Really old RedHat? '/usr/share/ssl/certs/ca-bundle.crt', // Really old RedHat?
__DIR__.'/../../../res/cacert.pem', // Bundled with Composer
); );
static $found = false; static $found = false;
$configured = ini_get('openssl.cafile');
if ($configured && strlen($configured) > 0 && is_readable($caBundle) && \openssl_x509_parse(file_get_contents($caBundle))) {
$found = true;
$caBundle = $configured;
} else {
foreach ($caBundlePaths as $caBundle) { foreach ($caBundlePaths as $caBundle) {
if (is_readable($caBundle) && \openssl_x509_parse(file_get_contents($caBundle))) { if (is_readable($caBundle) && \openssl_x509_parse(file_get_contents($caBundle))) {
$found = true; $found = true;
break; break;
} }
} }
}
if ($found) { if ($found) {
$found = $caBundle; $found = $caBundle;
} }
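Review bot: The bundled-CA branch in the first hunk copies `cacert.pem` to the fixed name `composer-cacert.pem` directly under `sys_get_temp_dir()` and then uses that copy as the TLS trust anchor. On a shared machine that directory is normally writable by other local accounts and `file_put_contents()` writes through whatever already sits at that path, so the file that ends up in `$options['ssl']['cafile']` is not guaranteed to be the bundle Composer shipped. Create the copy under a name only this process owns, as sketched below, or keep it in a per-user directory, and check the `file_get_contents()` result before writing. In the second hunk the `openssl.cafile` test calls `is_readable($caBundle)` and `file_get_contents($caBundle)` before `$caBundle` is assigned anywhere in the visible lines, so that branch looks unreachable and the configured path is ignored; both calls should take `$configured`. Both functions start and end outside the hunks.

```php
if (preg_match("|^phar://|", $result)) {
    $cacert = file_get_contents($result);
    // tempnam() creates a fresh, uniquely named file instead of reusing a
    // path that is known in advance inside a shared directory.
    $target = tempnam(sys_get_temp_dir(), 'composer-cacert');
    if ($cacert === false || $target === false
        || file_put_contents($target, $cacert, LOCK_EX) !== strlen($cacert)
    ) {
        throw new TransportException('Unable to write bundled cacert.pem to: '.$target);
    }
    // One copy is created per run, so remove it when the process ends.
    register_shutdown_function(function () use ($target) {
        @unlink($target);
    });
    $options['ssl']['cafile'] = $target;
} else {
    // … unchanged: use $result directly as the cafile …
```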